Identity theft - don't be a victim

By Pat Bitton

Friday, March 17, 2006

By Pat Bitton

These days it's almost impossible to read a newspaper or listen to the radio without hearing how yet another person had their identity stolen (or another business executive made identity theft easy by leaving customer data lying around on the back seat of a car). Not so long ago, this newspaper reported on the strange case of Karen Sue Smith of Ukiah, who had been living under the name Karen Goldsmith, an identity stolen some years earlier from a Fortuna resident; the theft was only discovered when Smith's death was reported under Goldsmith's name.

A recent survey by the Better Business Bureau indicated that 9.3 million American adults were victims of identity theft in some form in the past twelve months. Computer industry analyst Gartner Group reported that almost half of the 5,000 Internet users it surveyed said that concerns about the security of their information online had curtailed their online shopping behavior.

The dot-com age didn't invent identity theft -- which is in reality just another form of fraud, like check forgery or the creation of fake social security cards -- but it did make life significantly easier for the fraudsters. No longer did they have to go Dumpster-diving to find credit card receipts -- when web commerce arrived, they simply had to go online, hook up with a hacker or simply find a site with less than adequate security, and they could steal all the information they needed to abuse someone else's identity. And now the hackers have been joined by the "phishers" -- those charmers who send out convincing-looking e-mails that purport to be from eBay, PayPal, or any number of well-known financial institutions and use sophisticated social engineering techniques to induce you to hand over your bank account details or social security number.

So how can you protect your identity online?

Rule 1

Never go online without having a firewall in place on your computer. There are no exceptions to this rule, and there is no excuse for not having a firewall. There are a number of perfectly good firewalls available at no cost -- ZoneAlarm and Outpost are both well-regarded by the tech community and are reasonably easy to use. Both companies also offer more extensive products at a fee, as do other security software companies like Symantec, McAfee, Computer Associates, and Sunbelt Software.

Rule 2

Scan your computer regularly for viruses and spyware. Although some anti-virus companies claim to detect and remove spyware as well, as of now, you're still better off with two separate products -- an anti-virus product and an anti-spyware product. Your computer probably came with anti-virus pre-installed - but are you keeping it up to date? If not, it's about as useful as a broken umbrella in a rainstorm - it's not going to keep much out. Anti-spyware products are widely available online, both in free and commercial versions - check out PC Magazine's online spyware center at http://www.pcmag.com/category2/0,1874,1639157,00.asp.

Rule 3

Keep your operating system and applications updated with the latest patches. Microsoft sends out those update notices for a reason -- don't ignore them. Microsoft, by the way, has a very useful website called Security At Home (http://www.microsoft.com/athome/security/default.mspx), which goes into a lot more detail than I can here about how to look out for yourself online.

Rule 4

Trust no one. Unfortunate but true. Those e-mails that purport to come from eBay, PayPal and the rest? If you don't have an account with these companies, you have no reason to do anything other than delete the message without opening it. If you do have an account with the company, contact their customer service department by telephone or a new e-mail (don't reply to the suspicious e-mail) and ask if the e-mail is genuine. Never, ever click on a link in one of these e-mails. Curiosity online may not kill the cat, but it can easily kill your credit rating.

Identity theft is as much a problem for business as it is for individuals. We are entering an era where online shopping, banking, and bill-paying are becoming the norm, and the web is the first place many people turn to to expand their social networks through chat rooms and other online communities like MySpace.com. But if we can't trust what happens to our private information when we go online, these businesses can't develop, and commerce stagnates.

Next week, we'll take a closer look at the worst culprit in the online identity theft wars -- spyware.

Pat Bitton is a partner in Euresto Partners, a sales and marketing consultancy specializing in helping small and startup technology companies build their businesses, a member of the Redwood Technology Consortium(http://www.redwoodtech.org), and a board member of the Sequoia Park Zoo Foundation.